Hello everyone! I am currently working on a change password code. I am having trouble because every time I click submit the page seems to simply refresh. I am new to PHP and I am sure that everything on the database side is working alright. I have a working login, registration, etc. The only thing that doesn't work is the change password. I would appreciate any and all help! Thank you!

<html>
    <head>
        <title>Change Password</title>
            <link rel="stylesheet" type="text/css" href="style.css" />
    </head>
    <body>
<?php
$connection=mysql_connect('localhost','root','') or die (mysql_error());
$db=mysql_select_db('loginTut',$connection) or die (mysql_error());

$username = $_POST['username'];
$password = $_POST['password'];
$newpassword = $_POST['newpassword'];
$newpassword = md5($newpassword);
$confirmnewpassword = $_POST['confirmnewpassword'];
$confirmnewpassword = md5($confirmnewpassword); 
$result = mysql_query("SELECT count(*) FROM users WHERE username='$username' and password='".md5($password)."'");
if(mysql_result($result,0)==1) //there must be one combination of user/pass
{
    if($newpassword==$confirmnewpassword) 
    {
        $sql=mysql_query("UPDATE users SET password='$newpassword' where username='$username'"); 
        if($sql) 
        { 
            echo "Congratulations! You have successfully changed your password"; 
        }
    }
    else
    { 
        echo "The new password and confirm new password fields must be the same"; 
    }   
}
else
{ 
    echo "Invalid Username/Password"; 
} 
?>

<form action="changepassword.php" method="post">
<div id="border">
<table cellpadding="2" cellspacing="0" border="0">
    <tr>
        <td align="center" colspan="2">Change your password by entering the necessary information below:</td>
    </tr>
    <tr>
        <td>Username:</td>
        <td><input type="text" name="username" /></td>
    </tr>
    <tr>
        <td>Password:</td>
        <td><input type="password" name="password" /></td>
    </tr>
    <tr>
        <td>New Password:</td>
        <td><input type="password" name="newpassword" /></td>
    </tr>
    <tr>
        <td>Confirm New Password:</td>
        <td><input type="password" name="confirmnewpassword" /></td>
    </tr>
    <tr>
        <td align="center" colspan="2"><input type="submit" name="submit" value="Submit" /></td>
    </tr>
</table>
</div>
</form>
    </body>
</html>

Hi,

Try this (here we use the same page for the form and data processing: changepassword.php):

<html>
    <head>
        <title>Change Password</title>
        <link rel="stylesheet" type="text/css" href="style.css" />
    </head>
<body>
<?php

if(isset($_POST['username']){ // we sent data

    $connection=mysql_connect('localhost','root','') or die (mysql_error());
    $db=mysql_select_db('loginTut',$connection) or die (mysql_error());

    $username = $_POST['username'];
    $password = $_POST['password'];
    $newpassword = $_POST['newpassword'];
    $newpassword = md5($newpassword);
    $confirmnewpassword = $_POST['confirmnewpassword'];
    $confirmnewpassword = md5($confirmnewpassword); 

    if($newpassword != $confirmnewpassword){
        echo "The new password and confirm new password fields must be the same";
    }else{

        $result = mysql_query("SELECT count(*) FROM users WHERE username='$username' and password='".md5($password)."'");   

        if(mysql_result($result,0) == 1) { //there must be one combination of user/pass

            $sql=mysql_query("UPDATE users SET password='$newpassword' where username='$username'"); 
            if($sql) { 
                echo "Congratulations! You have successfully changed your password"; 
            }

        } else { 
            echo "Invalid Username/Password"; 
        } 
    }

} else { // we have not already sent the data, so we show the form

?>

    <form action="changepassword.php" method="post">
        <div id="border">
            <table cellpadding="2" cellspacing="0" border="0">
                <tr>
                    <td align="center" colspan="2">Change your password by entering the necessary information below:</td>
                </tr>
                <tr>
                    <td>Username:</td>
                    <td><input type="text" name="username" /></td>
                </tr>
                <tr>
                    <td>Password:</td>
                    <td><input type="password" name="password" /></td>
                </tr>
                <tr>
                    <td>New Password:</td>
                    <td><input type="password" name="newpassword" /></td>
                </tr>
                <tr>
                    <td>Confirm New Password:</td>
                    <td><input type="password" name="confirmnewpassword" /></td>
                </tr>
                <tr>
                    <td align="center" colspan="2"><input type="submit" name="submit" value="Submit" /></td>
                </tr>
            </table>
        </div>
    </form>

<?php } ?>

</body>
</html>

Thank you for the quick response! I appreciate it a lot. The code that you sent me has some sort of syntax error. I am coding all my stuff in Dreamweaver and it has syntax errors on lines 9 and 39. I copied exactly what you had there. Could you help me out?

diafol

I can't see anything majorly wrong here, but you need to clean your data properly and check more thoroughly:

session_start();
//... connection details...

if(isset($_POST['username']) && !empty($_POST['password']) && !empty($_POST['newpassword']) && !empty($_POST['confirmnewpassword']) && $_POST['newpassword'] === $_POST['confirmnewpassword'] && isset($_SESSION['user_id'])){
    // escape every submitted value before it is placed in a query
    $post = array_map("mysql_real_escape_string", $_POST);
    extract($post);
    $password = md5($password);
    $newpassword = md5($newpassword);
    $confirmnewpassword = md5($confirmnewpassword);
    // same session key as the isset() check above; cast to int because it is used unquoted in the SQL
    $id = (int) $_SESSION['user_id'];
    $r = mysql_query("SELECT `password` FROM `users` WHERE user_id = $id AND `username` = '$username' LIMIT 1");
    if(mysql_num_rows($r)){
        $d = mysql_fetch_assoc($r);
        if($d['password'] == $password){
            $r = mysql_query("UPDATE `users` SET `password` = '$newpassword' WHERE user_id = $id");
            if(mysql_affected_rows() == 1){
                //SUCCESS
            }else{
                //error = 3 
            }
        }else{
            //error = 2
        }
    }else{
        //error = 2
    }
}else{
    //error = 1
}

Off top of my head - so not tested. Loads of ways you could do this. This is just one.
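An added example, not code from any poster in this thread: the same change-password flow with the submission check, PDO prepared statements in place of the `mysql_*` string queries, and `password_hash()`/`password_verify()` in place of `md5()`. The function names `change_password` and `handle_request` are hypothetical, an in-memory SQLite database stands in for the MySQL one (assumes PHP 7.1+ with the pdo_sqlite extension), and the user row is constructed sample data.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: returns a status string instead of echoing, so the page
// decides what to display. $userId comes from the session, never from the form.
function change_password(PDO $pdo, int $userId, string $current, string $new, string $confirm): string
{
    if ($current === '' || $new === '' || $new !== $confirm) {
        return 'invalid_input';
    }
    // Prepared statement: values are bound, never concatenated into the SQL text.
    $stmt = $pdo->prepare('SELECT password FROM users WHERE user_id = ?');
    $stmt->execute([$userId]);
    $hash = $stmt->fetchColumn();
    // password_verify() compares against a salted hash made by password_hash().
    if ($hash === false || !password_verify($current, $hash)) {
        return 'wrong_password';
    }
    $upd = $pdo->prepare('UPDATE users SET password = ? WHERE user_id = ?');
    $upd->execute([password_hash($new, PASSWORD_DEFAULT), $userId]);
    return $upd->rowCount() === 1 ? 'ok' : 'not_updated';
}

// Returns null when the page was merely loaded: show the form, print nothing.
function handle_request(PDO $pdo, string $method, array $session, array $post): ?string
{
    if ($method !== 'POST' || !isset($session['user_id'])) {
        return null;
    }
    return change_password($pdo, (int) $session['user_id'],
        (string) ($post['password'] ?? ''), (string) ($post['newpassword'] ?? ''),
        (string) ($post['confirmnewpassword'] ?? ''));
}

// Constructed demo data: in-memory SQLite stands in for the loginTut database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (user_id INTEGER PRIMARY KEY, username TEXT, password TEXT)');
$pdo->prepare('INSERT INTO users VALUES (1, ?, ?)')
    ->execute(['alice', password_hash('old-secret', PASSWORD_DEFAULT)]);

$session = ['user_id' => 1];
$form = ['password' => 'old-secret', 'newpassword' => "o'brien-2024", 'confirmnewpassword' => "o'brien-2024"];
var_dump(handle_request($pdo, 'GET', $session, []));      // plain page load
var_dump(handle_request($pdo, 'POST', $session, $form));  // valid change
var_dump(handle_request($pdo, 'POST', $session, $form));  // old password no longer valid
```

In a real page the arguments would be `$_SERVER['REQUEST_METHOD']`, `$_SESSION` and `$_POST`, and existing `md5()` values in the table would need to be re-hashed at each user's next successful login.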

I found a bit more information about the error. Whenever I load up the screen on my local host, the first line of code displays an error exactly the same as the message on line 35 in my original code. I hope that helps! Thanks everyone for your help.

I have fixed the problem of submitting. It now works and can update the code. The problem now is more with changing it aesthetically. I mean when I load up the page, in the corner of the screen, it loads the success message. I appreciate your help and thank you! Here is the code:

<?php
session_start();
$connection=mysql_connect('localhost','root','') or die (mysql_error());
$db=mysql_select_db('loginTut',$connection) or die (mysql_error());
include "functions.php";
?>
<html>
    <head>
        <title>Change Password</title>
            <link rel="stylesheet" type="text/css" href="style.css" />
    </head>
    <body>
<?php    
$username = protect($_POST['username']);
$password = protect($_POST['password']);
$newpassword = protect($_POST['newpassword']);
$newpassword = md5($newpassword);
$confirmnewpassword = protect($_POST['confirmnewpassword']);
$confirmnewpassword = md5($confirmnewpassword); 
$result = mysql_query("SELECT count(*) FROM users WHERE username='$username'");
if(mysql_result($result,0)==1) //there must be one combination of user/pass
{
    if($newpassword==$confirmnewpassword) 
    {
        $sql=mysql_query("UPDATE users SET password='$newpassword' WHERE username='$username' AND password='$password'"); 
        if($sql) 
        { 
            echo "You have successfully changed your password!"; 
        }
    }
    else
    { 
        echo "Your new password must match with the confirm password field"; 
    }   
}
else
{ 
    echo "You have entered a wrong username or password"; 
} 
?>
<form action="changepassword.php" method="post">
<div id="border">
<table cellpadding="2" cellspacing="0" border="0">
    <tr>
        <td align="center" colspan="2">Change your password by entering the necessary information below:</td>
    </tr>
    <tr>
        <td>Username:</td>
        <td><input type="text" name="username" /></td>
    </tr>
    <tr>
        <td>Password:</td>
        <td><input type="password" name="password" /></td>
    </tr>
    <tr>
        <td>New Password:</td>
        <td><input type="password" name="newpassword" /></td>
    </tr>
    <tr>
        <td>Confirm New Password:</td>
        <td><input type="password" name="confirmnewpassword" /></td>
    </tr>
    <tr>
        <td align="center" colspan="2"><input type="submit" name="submit" value="Submit" /></td>
    </tr>
</table>
</div>
</form>
    </body>
</html>
diafol

This is why I suggested the first if statement. It only runs the code if the form has been submitted. No output from php should be seen if you just enter the page.

Thank you for your help! You have helped immensely. I will take your advice into consideration and fix these bugs. Thank you!